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International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 



Examiner 's Statement of Reasons for Allowance 

1. Claims 1-10, 12-26 and 27-33 are allowed over prior art. 

2. This action is in reply to applicant's correspondence of 06 August 2007. 

3. The following is an examiner's statement of reasons for the indication of allowable 
claimed subject matter. 

4. As per claims 1, 24 and 30 generally, prior art of record, Muttik et al, U.S. Patent 
Application Publication 2003/0023864 Al, fails to teach alone, or in combination, at the time of 
the invention, the features as discussed and remarked upon in the response of 06 August 2007 to 
office action of 20 June 2007. 

Specifically, (as per claim 1, for example) prior art dealing with the ability to manage 
malware detection and mitigation, insofar as generic methods generally, and technological 
solutions such as via integrity management techniques such as detection of suspicious or 
multiple file extensions, more particularly (i.e., file modification that shows the harmless first 
extension (i.e., .txt, jpg, etc.,), but hides the second extension (i.e., .EXE, .VBS, etc.,); Lee, a., etai, 

'Back to the Future - Fresh Approaches to Malware Management', EICAR Conf. Proceedings 2002, pp. 76-109, 

http://www.aomr.co.uk/papers/iee-hariey.pdf), is generally known per se. Nowhere in the prior art is found 
collectively the italicized claim elements (i.e., the various aspects of stalling a critical OS 
function call prior to determination of the last, next to last file name extensions and the 
determination of the multiple extensions to be dangerous, and subsequent generation of 
notification with possible computer protective actions taken upon such determination), at the 
time of the invention, serving to patently distinguish the invention from said prior art; 
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"1 . A method comprising: 

stalling a file system event, 

said file system event including a file name; 
parsing said file name to obtain at least 
a last file name extension, and 
a next to last file name extension, when present, 
of said file name; 
determining whether said last file name extension is 
the only file name extension of said file name; 
upon a determination that said last file name extension is 
not the only file name extension of said file name, 

determining whether said last file name extension is 
a dangerous file name extension ; and 
upon a determination that said last file name extension is 
a dangerous file name extension, 
generating a notification" . 



5. Dependent claims 2-10, 12-23, 25, 26, 28, 29, 31-33 are allowable by virtue of their 
dependencies. 
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Conclusion 

6. Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Ronald Baum, whose telephone number is (571) 272-3861, and whose 
unofficial Fax number is (571) 273-3861 and unofficial email is Ronald.baum@uspto.gov. The 
examiner can normally be reached Monday through Thursday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami, can be reached at (571) 272-4195. The Fax number for the 
organization where this application is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. For more information for 
unpublished applications is available through Private PAIR only. For more information about the 
PAIR system, see http://pair-direct.uspto.gov . Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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